Information processing apparatus, method of controlling same, and storage medium

ABSTRACT

An information processing apparatus which is capable of ensuring mutual security in cases where security information is displayed in a state in which an image displayed on a display is open to the outside. A display displays an operation screen of the apparatus. An input section receives an operation instruction to the apparatus, and a network interface receives an operation instruction to the apparatus from an external device. A control section determines whether an instruction for displaying an operation screen containing security information is received from the input section or via the network interface. When determining that the instruction is received via the network interface, the control unit causes screen data for displaying the operation screen to be transmitted to the external device, and the operation screen containing the security information to be prevented from being displayed on the display.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to an information processing apparatus and a method of controlling the information processing apparatus, and more particularly, to an information processing apparatus and a method of controlling the information processing apparatus characterized by techniques of security measures taken when an image displayed on a display is output to an external device, or inversely, an image displayed on the external device is output to the display, as well as a computer-readable storage medium storing a computer-executable program for executing the method.

2. Description of the Related Art

Recently, it has become possible to display a desktop screen of one computer on another computer via a network by making use of the following software: VNC (Virtual Network Computing: AT&T Cambridge Research Laboratory), Remote Assistance by Microsoft Corporation, Desktop on Call by IBM, and so forth, for example. Many of the above-mentioned software products cause the desktop screen to be displayed on the other computer, while ensuring security by requesting a password for authentication at the time of connection to the one computer (see e.g. Japanese Patent Laid-Open Publication No. 2003-66826).

Further, in recent years, a character input technique referred to as a virtual keyboard, a screen keyboard, or a software keyboard has been realized, and there are cases where a password or information having high security is input using such a keyboard.

For example, many PDAs are not provided with a keyboard as hardware due to mechanical restrictions, and hence a virtual keyboard on which the alphabetic keys are arranged is displayed on a touch panel LCD, and desired characters are entered by operating this virtual keyboard.

On the other hand, in a general personal computer or the like having a keyboard as hardware, if a virtual keyboard is displayed on a display thereof, it is also possible to select desired ones from the alphabetic keys displayed thereon with a mouse. Therefore, it is possible to achieve character entry only by operating the mouse.

For example, on such a virtual keyboard, it is common for highlighting of each selected key or like processing to be performed so as to enable pressing of the key to be easily recognized.

Now, when a virtual keyboard is used in such a state in which the desktop screen is open to the outside, highlighting of the selected key can be viewed on the external device. Insofar as ordinary text input is concerned, there is no problem. However, if character entry is performed for the purpose of inputting a password or the like, there is a possibility that security cannot be assured.

To cope with this problem, in a situation where security is required to be ensured, e.g. at the time of inputting a password or the like, it is a conventional practice not to permit the desktop screen to be open to the outside for security assurance (see e.g. Japanese Patent Laid-Open Publication No. 2005-284375).

However, when a password is input, by displaying a screen of a computer (local computer) on an external computer (remote computer), the software keyboard is displayed for an input operation. Then, highlighting of a key occurring as a response to pressing of the key performed for inputting the password is displayed on the display of the local computer. As a result, the password which is being input from the remote computer can be viewed on the display of the local computer, which brings about a security problem.

SUMMARY OF THE INVENTION

The present invention provides an information processing apparatus and a method of controlling the information processing apparatus which are capable of ensuring mutual security in cases where security information is displayed in a state in which an image displayed on a display is open to the outside, and a computer-readable storage medium storing a computer-executable program for executing the method.

More specifically, the present invention provides an information processing apparatus and a control method which are capable of ensuring security in a case where security information is displayed on a display in a state in which an image displayed on the display is open to the outside, and further are capable of ensuring security in a case where the security information is displayed on the external display, and a computer-readable storage medium storing a computer-executable program for executing the method.

In a first aspect of the present invention, there is provided an information processing apparatus that is connected to an external apparatus via a network comprising a display adapted to display an operation screen of the information processing apparatus, an operating section adapted to receive an operation instruction to the information processing apparatus, a reception unit adapted to receive an operation instruction to the information processing apparatus from the external device, a determining unit adapted to determine whether an instruction for displaying an operation screen containing security information is received from the operating section or from the reception unit, and a control unit adapted to be operable when it is determined that an instruction for displaying the operation screen containing the security information is received from the reception unit, to cause screen data for displaying the operation screen containing the security information to be transmitted to the external device, and the operation screen containing the security information to be prevented from being displayed on the display.

In a second aspect of the present invention, there is provided a method of controlling an information processing apparatus which is connected to an external device via a network, and includes a display which displays an operation screen of the information processing apparatus, an operating section for receiving an operation instruction to the information processing apparatus, and a reception unit for receiving an operation instruction to the information processing apparatus from the external device, comprising determining whether an instruction for displaying an operation screen containing security information is received from the operating section or from the reception unit, and causing, when it is determined that the instruction for displaying the operation screen containing the security information is received from the reception unit, screen data for displaying the operation screen containing the security information to be transmitted to the external device, and the operation screen containing the security information to be prevented from being displayed on the display.

In a third aspect of the present invention, there is provided a computer-readable storage medium storing a computer-executable program for causing a computer to execute a method of controlling an information processing apparatus which is connected to an external device via a network, and includes a display which displays an operation screen of the information processing apparatus, an operating section for receiving an operation instruction to the information processing apparatus, and a reception unit for receiving an operation instruction to the information processing apparatus from the external device, wherein the method comprises determining whether an instruction for displaying an operation screen containing security information is received from the operating section or from the reception unit, and causing, when it is determined that the instruction for displaying the operation screen containing the security information is received from the reception unit, screen data for displaying the operation screen containing the security information to be transmitted to the external device, and the operation screen containing the security information to be prevented from being displayed on the display.

According to the present invention, there is provided an information processing apparatus and a control method which are capable of ensuring mutual security in a case where security information is displayed in a state in which an image displayed on a display is open to the outside.

The features and advantages of the invention will become more apparent from the following detailed description taken in conjunction with the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram showing an example of a configuration of an information processing system including an information processing apparatus according to a first embodiment of the present invention.

FIG. 2 is a diagram useful in explaining programs of the information processing system appearing in FIG. 1.

FIG. 3 is a flowchart of a VRAM delivery process executed by the information processing apparatus (server) appearing in FIG. 1.

FIG. 4 is a flowchart of a recovery process executed by the information processing apparatus (server) when network connection with a client is closed.

FIG. 5 is a diagram showing an example of an image containing security information, which is displayed on a display appearing in FIG. 1.

FIG. 6 is a diagram showing a virtual key “C” appearing in FIG. 5 in a state highlighted according to selection thereof.

FIG. 7 is a diagram showing an example of a message saying that such a display as shown in FIG. 6 is prevented from being displayed on the display appearing in FIG. 1.

FIG. 8 is a diagram showing an example of a virtual keyboard displayed on the display appearing in FIG. 1, in a state in which no virtual key is highlighted.

FIG. 9 is a flowchart of a VRAM delivery process executed by an information processing apparatus (server) of an information processing system including the information processing apparatus according to a second embodiment of the present invention.

FIG. 10 is a flowchart of a message receiving process executed by a client when the client receives a message, after the VRAM delivery process in FIG. 9 is executed.

DETAILED DESCRIPTION OF THE EMBODIMENTS

The present invention will now be described in detail below with reference to the accompanying drawings showing embodiments thereof.

FIG. 1 is a block diagram showing an example of a configuration of an information processing system including an information processing apparatus according to a first embodiment of the present invention.

As shown in FIG. 1, the present information processing system is constructed by connecting a server 100 as an information processing apparatus according to the first embodiment of the present invention and a client 300 as an example of an external device, via a network 200.

The server 100 is a sender of the contents of a VRAM or a virtual VRAM, and the client 300 is a receiver of the contents of the VRAM or the virtual VRAM of the server 100.

First, a description will be given of a configuration of the server 100.

A main storage unit 101 is implemented e.g. by a semiconductor memory. The main storage unit 101 is formed by a RAM or the like, and is used as a work area of a CPU 1021. Further, an area of the main storage unit 101 is allocated to a virtual VRAM. The virtual VRAM is an area regarded as a VRAM separately from the VRAM 104. In the present embodiment, by using the virtual VRAM, it is possible to make an operation screen displayed on a display 105 of the server 100 different from an operation screen displayed on a display 305 of the client 300. Image data stored in the virtual VRAM for being displayed on the operation screen can be transferred to the VRAM 104, and can be delivered to the client 300. The control of display of the operation screen using the virtual VRAM will be described hereinafter. A control section 102 is comprised of the CPU 1021 and a program memory 1022 storing programs, and the CPU 1021 centrally controls component elements of the server 100 in accordance with control procedures by respective associated programs stored in the program memory 1022.

An input section (operating section) 103 receives an instruction for operating the server 100. Although the input section 103 may be an input device such as a keyboard or a mouse, in the present embodiment, in addition to input by the input device, touch input is also assumed which is made via a virtual keyboard appearing as a virtual input device on a touch panel-equipped liquid crystal or the like which is integrally formed with the display 105.

The VRAM (video RAM) 104 is mainly comprised of a semiconductor memory, in which contents of a screen formed by the control section 102 are written, and the contents are output to the display 105. The display 105 on which images of various pieces of information are displayed is implemented e.g. by a liquid crystal display.

An image data recording section 106 is mainly comprised of a magnetic recording device, such as a semiconductor memory or a hard disk, for storing (recording) an image formed by capturing contents of the screen stored in the VRAM 104 or formed by the control section 102. Further, the captured image may be delivered to the network 200 without being recorded in the image data recording section 106.

A network interface 107 for connection to the network 200 takes out an image of the captured screen directly or from the image data recording section 106 and transmits the same to the client 300 via the network 200, according to an instruction of the control section 102.

Next, a description will be given of the configuration of the client 300.

A main storage unit 301 is implemented e.g. by a semiconductor memory. A control section 302 is comprised of a CPU 3021 and a program memory 3022 storing programs, and the CPU 3021 centrally controls component elements of the client 300 in accordance with control procedures by respective associated programs stored in the program memory 3022.

An input section (operating section) 303 receives an instruction for operating the client 300. Further, in a case where remote desktop software, such as the VNC mentioned hereinabove, is being executed on the client 300, the operating instruction received by the input section 303 can be an instruction for operating the server 100. The input section 303 is formed by an input device such as a keyboard or a mouse. A VRAM 304 is mainly comprised of a semiconductor memory, in which contents of a screen formed by the control section 302 are written, and the contents are output to the display 305. The display 305 is implemented e.g. by a CRT or a liquid crystal display.

An image data recording section 306 is mainly comprised of a magnetic recording device, such as a semiconductor memory or a hard disc, for storing an image of the screen which is received via a network interface 307. Further, the image of the received screen can be displayed on the display 305 not via the image data recording section 306 but directly via the VRAM 304.

FIG. 2 is a diagram useful in explaining programs of the information processing system appearing in FIG. 1.

First, the software configuration of the server 100 will be described with reference to FIG. 2. Blocks denoted by respective reference numerals 401 to 407 are program modules. These program modules are stored in the program memory 1022 of the server 100, and are executed by the CPU 1021.

A screen processing section 401 forms contents of the screen displayed on the display 105, and for example, forms information on the screen in response to a key event of a panel key processing section 404. Further, the screen processing section 401 manages controls forming each screen (all components of the screen, such as buttons, and entry fields) using respective IDs, and hence it is possible to recognize that a password entry screen or any other screen requiring security is called.

A virtual VRAM image forming section 402 writes out the contents of the screen formed in the screen processing section 401 into the virtual VRAM before writing out into the VRAM 104. At this time point, the contents are not yet displayed on the panel, but are held in the memory.

A VRAM image forming section 403 takes out the contents written out by the virtual VRAM image forming section 402 into the virtual VRAM, from the virtual VRAM, and writes out the content of the screen into the actual VRAM 104, for displaying the screen on the display 105. Further, the virtual VRAM image forming section 403 402 does not necessarily write out the contents of the virtual VRAM into the VRAM 104, but sometimes writes out the other contents into the VRAM 104, as required.

The panel key processing section 404 receives a key event from the client 300 or from the input section 103 of the server 100, and assigns a key which the screen processing section 401 can handle, to the key event, to thereby request the screen processing section 401 to process the key event.

A command reception section 405 receives the contents of a command sent from a command transmission section 601 of the client 300 via the network 200. At this time, for subsequent determination as to whether a command is input from the client 300 or from the display 105 of the server 100, a flag or the like indicating, for example, that the command is input from the client 300 is stored. After receiving the command, the command reception section 405 passes the contents of the key event to the panel key processing section 404 to thereby request the same to process the key event.

A connection processing section 406 performs authentication of the client 300, connection to and disconnection from the same, and monitoring etc. of the same via the network 200. First, after the connection processing section 406 enables the server 100 and the client 300 to communicate with each other, it becomes possible to receive commands from the client 300 and transmit images to the client 300.

A screen transmission section 407 transmits a captured virtual VRAM to the client 300. Alternatively, the screen transmission section 407 does not necessarily transmit the contents of the virtual VRAM, but sometimes transmits the other contents to the client 300, as required.

Next, a description will be given of the software configuration of the client 300. Blocks denoted by respective reference numerals 601 to 607 are program modules. These program modules are stored in the program memory 3022 of the client 300, and are executed by the CPU 3021.

The command transmission section 601 transmits user's operations on the display 305 of the client 300 to the command reception section 405 via the network 200. The operations on the display 305 include, for example, key input using the mouse or the keyboard.

A screen reception section 602 receives the contents of transmission by the screen transmission section 407 of the server 100 via the network 200. The screen reception section 602 transfers the contents of reception to a screen processing section 604 to request the same to perform screen forming processing.

An input processing section 603 recognizes an operation performed on the display 305 of the client 300 for key input using the mouse or the keyboard, and passes the contents of the input to the command transmission section 601 to request the same to transmit the same to the server 100.

The screen processing section 604 receives the contents of reception passed from the screen reception section 602, forms a screen to be displayed, and requests the VRAM image forming section 403 of the server 100 to form an image to be displayed on the display 305 of the client 300. Further, the screen processing section 604 sometimes receives the contents of reception passed from the screen reception section 602, and requests the VRAM image forming section 403 to display another image on the display 305, as required.

A VRAM image forming section 605 receives the contents passed from the screen processing section 604, writes the contents into the VRAM 304, and displays the screen on the display 305 of the client 300.

It should be noted that in the present embodiment, the program modules 601 to 607 are collectively referred to as remote desktop client software. The operations of the remote desktop client software and the program modules of the server 100 make it possible to cause the operation screen displayed on the display 105 of the server 100 to be displayed on the display 305 of the client 300. Further, it is possible to transfer the operation input from the input section 303 of the client 300 to the server 100. This makes it possible to provide a user interface to the user of the client 300 as if the user were operating the server 100 at the client 300.

FIG. 3 is a flowchart of a VRAM delivery process executed by the information processing apparatus (server) appearing in FIG. 1.

Here, the term “VRAM delivery” is intended to mean capturing the contents of the virtual VRAM to be written into the VRAM 104 and delivering the captured contents to an external device (e.g. client 300) so as to transmit the image displayed on the display 105 to the external device.

In the present embodiment, the term “VRAM delivery” is intended to mean, more specifically, the following processing:

The control section 102 accepts the command from the client 300, or from the input section 103, and according to the instruction of the control section 102, the contents of the virtual VRAM are captured, and if required, are recorded in the image data recording section 106. Then, the contents are transmitted to the client 300 via the network interface 107.

A program for executing this VRAM delivery process is stored in e.g. the program memory 1022, and is executed by the CPU 1021.

When the input section 103 of the server 100 is operated, or when there is an input performed on the input section 303 of the client 300 using the remote desktop software, for operating the server 100, the VRAM delivery process shown in FIG. 3 starts to be executed. First, in a step S100, a status of the screen display is discriminated. If a normal screen is displayed on both of the display 105 of the server 100 and the display 305 of the client 300, the process proceeds to a step S101, whereas if not, the process proceeds to a step S106. It should be noted that the term “normal screen” is intended to mean an operation screen to be originally displayed on the display 105 or the display 305, but not a dummy screen, referred to hereinafter.

In the step S100, to determine on which display the normal screen is displayed, a flag (for indicating the server 300 and the client 100, only the client 300, or only the server 100) is provided in advance in the main storage unit 101, and according to the status of the flag, the determination is performed.

In the step S106, it is determined whether or not the apparatus (the server 100 or the client 300) the display of which is displaying the normal screen and the apparatus on which the operation input has been performed are identical to each other. As a result of the determination, if the apparatus on which the normal screen is displayed is not identical to the apparatus on which the operation input has been performed, the process proceeds to a step S107, wherein the command is not accepted, followed by terminating the present process.

If it is determined in the step S100 that the normal screen is displayed on both the display 105 and the display 305, the process proceeds to the step S101, as mentioned above. Further, if it is determined in the step S106 that the apparatus on which the normal screen is displayed is identical to the apparatus on which the operation input has been performed, the process also proceeds to the step S101. It should be noted that the operation screen is displayed on the display 105 based on the operation input from the server 100 or the client 300.

In the step S101, it is determined whether or not a control (entry field or the like) containing security information exists in the contents of the screen formed by the screen processing section 401. For example, if a field for entry of a user ID, a field for entry of a password, or a field for entry of personal information, such as an address or the like, exists in the operation screen, it is determined that the control containing security information exists. The operation screen shown in FIG. 5, referred to hereafter, is an example of the screen in which the control containing security information exists.

The determination in the step S101 is performed by listing IDs of controls which can contain security information in advance, storing the IDs in the main storage unit 101 or the like, and checking if any of these IDs are identical to any of the IDs of controls contained in the screen formed by the screen processing section 401. Alternatively, it is also possible to perform the determination by giving IDs of a specific type to the controls which can contain security information, and determining if any of these IDs are contained in the screen formed by the screen processing section 401.

If it is determined in the step S101 that a control which can contain security information exists, the process proceeds to a step S102, whereas if no control which can contain security information exists in the contents to be displayed, the process proceeds to a step S108.

In the step S108, the contents of the virtual VRAM are written into the VRAM 104, and the process proceeds to a step S109 to output the contents of the VRAM 104 to the display 105. The contents of the virtual VRAM are captured to create an image in a step S110, and the captured contents are delivered to the remote computer (the client 300 in this example) in a step S111, followed by terminating the present process. In the virtual VRAM, the image data of the operation screen to be originally displayed on the display 105 of the server 100 is stored.

Next, if it is determined that any control containing security information is contained in the contents to be displayed (YES to the step S101), it is determined in the step S102, so as to determine on which of the display 105 and the display 305 the contents are to be displayed, whether or not the present command is input from the input section 103.

If it is determined in the step S102 that the command is from the input section 103, the process proceeds to a step S103, wherein the contents of the virtual VRAM are written into the VRAM 104, and then the process proceeds to a step S104, wherein the contents of the VRAM 104 are output to the display 105. It should be noted that the virtual VRAM stores the image data of the operation screen to be originally displayed on the display 105 of the server 100.

Further, after displaying the screen in the step S104, the process proceeds to a step S105, wherein the image containing a message saying, for example, that “Computer is in use by some other user right now”, which has been prepared in advance in the image data recording section 106, is transmitted to the remote computer, followed by terminating the present process. This operation screen transmitted to the client 300 in the step S105, which is different from the operation screen to be originally displayed on the display 105, is referred to as the dummy screen. This makes it possible to prevent the operation screen containing security information from being displayed on the display 305 of the client 300, in a case where the operation screen containing security information is displayed on the display 105 of the server 100. Therefore, it is possible to prevent the security information from being illegally viewed by a third party. It should be noted that although in the step S105, the dummy screen is transmitted to the client 300, no image data may be transmitted. In this case, no operation screen is displayed on the display 305 of the client 300. Further, the dummy screen is only required to be different from the screen displayed on the display 105, and may be a screen displaying a message other than the message saying that “Computer is in use by some other user right now”.

On the other hand, if it is determined in the step S102 that the command is not from the input section 103, but from the input section 303 of the client, the process proceeds to a step S112.

In the step S112, an image (dummy screen) which has been provided in advance in the image data recording section 106, for example, in which the message saying that “Computer is in use by some other user right now” is contained, is written into the VRAM 104. Then, the contents of the VRAM 104 are output to the display 105, in a step S113.

Thereafter, in a step S114, the contents of the virtual VRAM are captured and formed into an image, and the process proceeds to a step S115, wherein the captured image of the virtual VRAM is delivered to the remote computer, i.e. the client 300, followed by terminating the present process. If the operation screen containing security information is displayed on the display 305 of the client 300 based on the operation by the client 300, it is possible to prevent the operation screen containing the security information from being displayed on the display 105 of the server 100. This makes it possible to prevent the security information from being illegally viewed by a third party. It should be noted that although in the step S112, the dummy screen is written into the VRAM 104, no screen data may be written into the VRAM 104. In this case, no operation screen is displayed on the display 105. Further, the dummy screen is only required to be different from the screen displayed on the display 305, and may be a screen displaying a message other than the message saying that “Computer is in use by some other user right now”.

That is, if it is determined that the display of the image is based on the input operation performed on the server 100, the screen transmission section 407 stops outputting the image displayed on the display 105 to the client 300. Then, the screen transmission section 407 outputs the image of the dummy screen containing the message saying that “Computer is in use by some other user right now” which prevents the display of security information (an indication formed by text for avoiding display of the security information) to the client 300. The dummy screen is, for example, a screen as shown in FIG. 7.

Further, if it is determined that the display of the image is based on the input operation performed on the client 300, the screen transmission section 407 stops outputting the image displayed on the client 300 to the display 105. Then, the image of the dummy screen for preventing the display of security information is output to the display 105.

FIG. 4 is a flowchart of a recovery process executed by the information processing apparatus (server) when network connection with a client is closed.

More specifically, the recovery process is executed when the networkconnection with the client is closed in a state after the steps S112 toS115 are executed in FIG. 3, wherein the screen containing the controlcontaining security information is displayed on the display 305, and thedummy screen formed of the contents including the message saying that“Computer is in use by some other user right now” is output to thedisplay 105 in place of the normal screen.

If the network connection from the client is disconnected in this state,the server does not recover from the state in which the dummy screen isdisplayed instead of the screen containing the security information, andhence it is impossible to operate the server 100. Therefore, the screencontaining the security information displayed only on the client 300 atthat time is displayed on the display 105 of the server to therebyenable the processing to be continued.

In the present embodiment, to detect disconnection from the client 300, there are envisaged several methods including, for example, a method of setting up a timer for use in confirming network connection by the connection processing section 406.

Referring to FIG. 4, first, in a step S200, the status of connection to the client 300 via the network 200 is confirmed. After confirming the connection status, in a step S201, it is determined whether or not the connection to the client 300 is interrupted. If it is determined in the step S201 that the connection to the client 300 is not interrupted, the process proceeds to a step S205 to terminate the present process immediately.

On the other hand, if it is determined in the step S201 that the connection to the client 300 is interrupted, the process proceeds to a step S202, wherein it is determined whether or not the normal screen is displayed only on the client 300. Then, if it is determined in the step S202 that the present state is not one in which the normal screen is displayed only on the client 300, the process proceeds to a step S206 to immediately terminate the present process.

Further, if it is determined in the step S202 that the normal screen is displayed only on the client 300, the process proceeds to a step S203.

In the step S203, on condition that the normal screen is displayed only on the client 300, the image of the virtual VRAM captured in the step S114 in FIG. 2 is read and written into the VRAM 104. The image of the virtual VRAM is the image of the operation screen which is displayed on the display 305 of the client 300. After writing the image in the VRAM 104, the process proceeds to a step S204 to output the contents of the VRAM 104 to the display 105.

According to the recovery process in FIG. 4, it is possible to prevent the server 100 from being left in an inoperable state, with the dummy screen displayed on the display 105 of the server 100, when the communication between the server 100 and the client 300 is disconnected.

FIG. 5 is a diagram showing an example of the image containing security information, which is displayed on the display appearing in FIG. 1.

In FIG. 5, the display 105 displays a password entry window 41 and a virtual keyboard 42.

FIG. 6 is a diagram showing a virtual key “C” appearing in FIG. 5 in a state highlighted according to selection thereof.

Let it be assumed that such an image as shown in FIG. 6 is displayed on the display 105 of the server 100, or captured and delivered as it is to be displayed on the display 305 of the client 300. The input character strings are not displayed as they are on the password entry window 41; instead, “*”s are displayed, which prevents the password from being illegally viewed by a third party. However, if a key displayed on the virtual keyboard 42 is pressed, the pressed key is highlighted. For example, when the key “C” is pressed, the pressed key “C” is highlighted, which enables the fact that this key has been pressed to be recognized both on the server 100 and the client 300. Therefore, in the present embodiment, the server 100 handles such an operation screen as shown in FIG. 5 as one in which a control containing security information exists.

FIG. 7 is a diagram showing an example of a screen (dummy screen) displaying a message for preventing the display of the screen shown in FIG. 6, which is to be displayed on the display appearing in FIG. 1.

According to the above-described method, an image (dummy screen) displaying the message “Computer is in use by some other user right now” as shown in FIG. 7 is provided in the image data recording section 106 in advance, and the normal screen as shown in FIG. 6 is replaced by the image. Therefore, even if this image is output to the display 105 of the server 100 or is delivered via the network 200, the security is ensured.

FIG. 8 is a diagram showing an example of a virtual keyboard in a state in which no virtual key is highlighted, which is displayed on the display appearing in FIG. 1. The operation screen in FIG. 8 shows another example of the dummy screen.

In place of the image shown in FIG. 7, by fitting an image part of key tops of the virtual keyboard as shown in FIG. 8 onto the display shown in FIG. 6 in a manner properly superimposed thereon, it is possible to obtain the displayed status shown in FIG. 5, which makes it possible to prevent a third party from illegally recognizing which key is being pressed. Therefore, a method using this image also makes it possible to safely output the image to the display 105 of the server 100 or safely deliver the same to the network 200.

As a security measure, it is common for characters input in the password entry window to each be replaced by a specific character (e.g. “*”) which has nothing to do with the input characters.

However, in a case where a password is input using the virtual keyboard on the screen being subjected to the VRAM delivery or like cases, even if the characters input to the password entry window are each replaced by the specific character for display, there arises the following inconvenience:

Since the virtual key which is pressed on the virtual keyboard is highlighted for a predetermined time, this undesirably enables the password to be recognized on the client 300 to which the screen is delivered or the server 100 which delivers the screen.

However, the control process of the VRAM delivery in the above-described embodiment provides the following advantageous effects:

That is, during a time period over which a screen containing a control containing security information is displayed on the display 105 of the server 100, the dummy screen displaying the message “Computer is in use by some other user right now” is delivered to the client 300, in place of the screen (normal screen). This makes it possible to prevent secret information from being known on the client 300.

Inversely, during a time period over which a screen containing a control containing security information is displayed on the client 300, the dummy screen displaying the message “Computer is in use by some other user right now” is output to the display 105 of the server 100, in place of the screen (normal screen). Therefore, this also makes it possible to prevent secret information from being known on the server 100.

Further, there is a possibility of the server becoming inoperable in case the connection to the client 300 via the network 200 is interrupted in a state in which, while a screen containing a control containing security information is being displayed only on the client 300, the screen displaying the message “Computer is in use by some other user right now” is output to the display 105 of the server 100, in place of the screen (normal screen).

In this state, if the connection to the client 300 via the network 200 is interrupted, there is a possibility that the server becomes inoperable, leaving the screen “Computer is in use by some other user right now” displayed on the display 105 of the server 100.

However, in the recovery process in the present embodiment executed when the connection to the client 300 via the network 200 is interrupted, the screen containing security information, which is displayed on the client 300, is caused to be displayed on the display 105 of the server 100. This makes it possible to continue the operation on the server 100.

Next, a description will be given of a second embodiment of the present invention with reference to FIGS. 9 and 10. The present embodiment is distinguished from the first embodiment only in the VRAM delivery process, but the other configuration thereof is the same as that of the first embodiment, and further, an information processing system configured to include the information processing apparatus (server) is also the same as that described hereinabove concerning the first embodiment. Therefore, component elements of the information processing system are denoted by the identical reference numerals, and the description thereof is omitted.

FIG. 9 is a flowchart of a VRAM delivery process executed by the information processing apparatus (server) according to the second embodiment of the present invention.

Steps S300 to S304 in FIG. 9 executed by the information processing apparatus (server) according to the second embodiment are the same as the steps S100 to S104 in FIG. 3 executed by the information processing apparatus (server) according to the first embodiment, and hence a redundant description thereof is omitted. Similarly, steps S306 to S315 in FIG. 9 executed by the information processing apparatus (server) according to the second embodiment are the same as the steps S106 to S115 in FIG. 3 executed by the information processing apparatus (server) according to the first embodiment, and hence a redundant description thereof is omitted.

That is, the present embodiment is different from the first embodiment only in that the step S105 in FIG. 3 is replaced by a step S305 in FIG. 9.

In the step S105 in FIG. 3, the image displaying the message, e.g. “Computer is in use by some other user right now”, which has been provided in advance in the image data recording section 106, is delivered to the client 300.

On the other hand, in the step S305 in FIG. 9, only status information to the effect that security information is being displayed on the display 105 of the server 100 is delivered to the client 300, followed by terminating the present process. It should be noted that the status information may be a command to instruct not to display the security information on the client 300.

The image data of the dummy screen is stored in the image data recording section 306 of the client 300 in advance, and the client 300 creates and displays a screen with the message “Computer is in use by some other user right now” in response to the reception of this status information from the server 100. This makes it possible to obtain the same effects as the VRAM delivery process in FIG. 3, and to reduce the load on the network by transmitting the status information, whose data amount is smaller than that of the image data.

FIG. 10 is a flowchart of a message receiving process executed by the client 300 when a message is received by the client 300 after executing the VRAM delivery process in FIG. 9.

The term “message receiving process” is generally intended to mean a process executed upon reception of a message from the server 100 by the client 300, when using VNC or a like function. More specifically, the message receiving process is intended to mean a process of receiving an image by the screen reception section 602 after the image is transmitted to the client 300 by the screen transmission section 407 appearing in FIG. 2.

A program for executing this message receiving process is stored in e.g. the program memory 3022 of the client 300 and carried out by the CPU 3201 of the same.

Referring to FIG. 10, first, in a step S400, the contents having been delivered from the server 100 to the remote computer, i.e. the client 300, in the step S305, a step S311 or the step S315 in FIG. 9 are checked. Then, it is determined whether or not the status information to the effect that security information is being displayed, which has been delivered by the process of the step S305, is contained.

If it is determined in the step S400 that the status information to the effect that security information is being displayed is not contained, the process proceeds to a step S403, wherein the contents of the delivered message are displayed on the display 305, followed by terminating the present process.

On the other hand, if it is determined in the step S400 that the status information to the effect that security information is being displayed is contained, the process proceeds to a step S401.

In the step S401, the image (image data of the dummy screen) displaying the message, e.g. “Computer is in use by some other user right now”, which has been provided in advance in the image data recording section 306 of the client 300, is read and written into the VRAM 304.

After writing the image into the VRAM 304, the process proceeds to a step S402 wherein the contents of the VRAM 304 are output to the display 305 of the client 300. To this end, the image provided in advance in the client 300 is stored at a predetermined location when the requirements of the client 300 are configured.

In the present embodiment, when the screen containing a control containing security information is displayed on the server 100, the image of the screen is not delivered to the client 300, but only the status information to the effect that security information is being displayed is delivered.

This causes the image containing the predetermined message “Computer is in use by some other user right now”, which has been provided in the client 300, to be displayed, to thereby prevent the image containing secret information from being delivered, ensuring security.

Further, when the screen containing a control containing security information is displayed on the client 300, as described above, the image containing the predetermined message “Computer is in use by some other user right now”, which has been provided in the server 100, is displayed on the server 100. This prevents secret information from being displayed, thereby ensuring security.
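The routing of the second embodiment (status information in the step S305, the message receiving process of FIG. 10) and the recovery process of FIG. 4 can be modeled together as a small state machine. The following Python sketch is an added example, not code from the patent; the class, field and message-key names are assumptions, and strings stand in for screen images.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional

# Text of the dummy screen (FIG. 7); the constant name is an assumption.
DUMMY = "Computer is in use by some other user right now"


class Origin(Enum):
    LOCAL = "operation on server 100"
    REMOTE = "operation from client 300"


@dataclass
class Client:
    """Client 300; strings stand in for screen images (constructed data)."""
    display: str = ""  # contents of display 305

    def receive(self, message: dict) -> None:
        # S400: does the delivered message carry the status information?
        if message.get("security_status"):
            self.display = DUMMY  # S401-S402: dummy image held on the client
        else:
            self.display = message["image"]  # S403: show delivered contents


@dataclass
class Server:
    """Server 100 with display 105 and a virtual VRAM for the remote screen."""
    client: Client
    display: str = ""
    virtual_vram: Optional[str] = None  # set while a screen is client-only
    connected: bool = True

    def show(self, screen: str, sensitive: bool, origin: Origin) -> None:
        self.virtual_vram = None
        if not sensitive:
            self.display = screen
            self._send({"image": screen})
        elif origin is Origin.LOCAL:
            # Screen stays on display 105; only status information is sent (S305).
            self.display = screen
            self._send({"security_status": True})
        else:
            # Screen goes to the client only; display 105 shows the dummy screen.
            self.virtual_vram = screen
            self.display = DUMMY
            self._send({"image": screen})

    def _send(self, message: dict) -> None:
        if self.connected:
            self.client.receive(message)

    def recover(self) -> bool:
        """FIG. 4 recovery process; returns True if display 105 was restored."""
        if self.connected:  # S201: connection not interrupted
            return False
        if self.virtual_vram is None:  # S202: no client-only screen
            return False
        self.display = self.virtual_vram  # S203-S204: virtual VRAM -> VRAM 104
        self.virtual_vram = None
        return True


if __name__ == "__main__":
    client = Client()
    server = Server(client)
    server.show("password entry window 41", True, Origin.REMOTE)
    print("display 105:", server.display)
    server.connected = False
    print("restored:", server.recover(), "->", server.display)
```

Note that `recover()` places the security screen on display 105 as soon as the session drops, which is the behavior the recovery process describes for keeping the server operable.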

It is to be understood that the present invention may also be achieved by directly or remotely supplying a system or an apparatus with a control program for realizing the functions of the above described embodiments, and causing a computer included in the system or the like to read out and execute the supplied program code.

Therefore, to realize the functions/processes of the present invention on a computer or the above-described devices, the program code itself of the control program which is installed in the computer or the above-described devices also realizes the present invention. That is, the control program itself for realizing the above-described functions/processes is one which realizes the present invention.

In this case, any program configuration can be employed as long as it has the function of a program, such as object code, a program executed by an interpreter, or script data supplied to an OS, or the like.

Examples of the storage medium for supplying the program code include a flexible disk, a hard disk, an optical disk, a magneto-optical disk, an MO, a CD-ROM, a CD-R, and a CD-RW. Further, examples of the storage medium include a magnetic tape, a nonvolatile memory card, a ROM, a DVD (a DVD-ROM, a DVD-R) or the like.

Alternatively, the program may be downloaded from a website of the internet/intranet using a browser of the client computer. That is, the computer program itself of the present invention, or a compressed file having a function of automatically installing, can be downloaded from the website to a storage medium such as a hard disc or the like. Further, it is also possible to realize the present invention by dividing the program code which constructs the program of the present invention into a plurality of files, and downloading each of the files from various websites. That is, a www server which causes a plurality of users to download the program file for realizing the function process of the present invention on a computer can also be a requirement which constitutes the present invention.

Further, the program of the present invention may be encrypted and stored in the storage medium such as a CD-ROM or the like, to be distributed to the users. In this case, only users who satisfy predetermined conditions can download key information for decrypting the program from a website via the internet/intranet, and may carry out the program by decrypting the encrypted program with the key information, and install the program in the computer.

Further, it is to be understood that the above-described embodiments may be accomplished by executing the program code read out by a computer. It should be noted that an OS (operating system) or the like which operates on the computer may perform a part or all of the actual operations based on instructions of the program code. It is to be understood that also in this case, the functions of the above-described embodiments can be realized.

Further, it is to be understood that a program read out from the storage medium may be written into a memory provided on an expansion board inserted into a computer or a memory provided in an expansion unit connected to the computer. It should be noted that a CPU or the like provided in the expansion board or the expansion unit may perform a part or all of the actual operations based on instructions of the program. Thus, the above-described embodiments can be realized.

While the present invention has been described with reference to exemplary embodiments, it is to be understood that the invention is not limited to the disclosed exemplary embodiments. The scope of the following claims is to be accorded the broadest interpretation so as to encompass all modifications, equivalent structures and functions.

This application claims priority from Japanese Patent Application No. 2008-110184 filed Apr. 21, 2008, which is hereby incorporated by reference herein in its entirety.

1. An information processing apparatus that is connected to an external apparatus via a network comprising: a display adapted to display an operation screen of the information processing apparatus; an operating section adapted to receive an operation instruction to the information processing apparatus; a reception unit adapted to receive an operation instruction to the information processing apparatus from the external device; a determining unit adapted to determine whether an instruction for displaying an operation screen containing security information is received from said operating section or from said reception unit; and a control unit adapted to be operable when said determining unit determines that the instruction for displaying the operation screen containing the security information is received from said reception unit, to cause screen data for displaying the operation screen containing the security information to be transmitted to the external device, and the operation screen containing the security information to be prevented from being displayed on said display.
2. The information processing apparatus according to claim 1, wherein said control unit further causes a dummy screen which does not contain the security information to be displayed on said display.
3. The information processing apparatus according to claim 1, wherein when said determining unit determines that the instruction for displaying the operation screen containing the security information is received from said operating section, said control unit causes the operation screen containing the security information to be displayed on said display, and the image data for displaying the operation screen containing the security information from being transmitted to the external device.
4. The information processing apparatus according to claim 3, wherein said control unit further causes image data for displaying a dummy screen which does not contain the security information on the external device to be transmitted to the external device.
5. The information processing apparatus according to claim 3, wherein said control unit further causes status information indicating that the operation screen containing the security information is being displayed on said display to be transmitted to the external device.
6. The information processing apparatus according to claim 3, wherein said control unit further causes a command for instructing to display a dummy screen which does not contain the security information on the external device to be transmitted to the external device.
7. The information processing apparatus according to claim 2, wherein said dummy screen comprises an indication formed by text for avoiding display of the security information.
8. The information processing apparatus according to claim 1 further comprising: a detection unit adapted to detect that a communication with the external device via the network is disconnected, wherein when said control unit causes the screen data for displaying the operation screen containing the security information to be transmitted to the external device, and the operation screen containing the security information to be prevented from being displayed on said display, said control unit causes the operation screen containing the security information to be displayed on said display, in response to detection of disconnection of the communication with the external device via the network by said detection unit.
9. A method of controlling an information processing apparatus which is connected to an external device via a network, and includes a display which displays an operation screen of the information processing apparatus, an operating section for receiving an operation instruction to the information processing apparatus, and a reception unit for receiving an operation instruction to the information processing apparatus from the external device, comprising: determining whether an instruction for displaying an operation screen containing security information is received from the operating section or from the reception unit; and causing, when it is determined that the instruction for displaying the operation screen containing the security information is received from the reception unit, screen data for displaying the operation screen containing the security information to be transmitted to the external device, and the operation screen containing the security information to be prevented from being displayed on the display.
10. A computer-readable storage medium storing a computer-executable program for causing a computer to execute a method of controlling an information processing apparatus which is connected to an external device via a network, and includes a display which displays an operation screen of the information processing apparatus, an operating section for receiving an operation instruction to the information processing apparatus, and a reception unit for receiving an operation instruction to the information processing apparatus from the external device, wherein the method comprises: determining whether an instruction for displaying an operation screen containing security information is received from the operating section or from the reception unit; and causing, when it is determined that the instruction for displaying the operation screen containing the security information is received from the reception unit, screen data for displaying the operation screen containing the security information to be transmitted to the external device, and the operation screen containing the security information to be prevented from being displayed on the display.